Anne, What do you reckon will be the components or features of a SLA Policy Assertion Language. Well, can you elaborate on how SLA fits into Policy Assertion?
Thanks a bunch. Cheers G. --- In [email protected], Anne Thomas Manes <[EMAIL PROTECTED]> wrote: > > WS-Policy is just a bucket for expressing policies, which are specified > using domain-specific policy assertion languages. One of the biggest > challenges in from of us is defining reasonable policy assertion languages, > eg. "SLA Policy Assertion Language". > > Anne > > On 11/22/05, Steve Ross-Talbot <[EMAIL PROTECTED]> wrote: > > > > Do we have any notion of process/methodology for this? > > > > What is the relationship between such a process and Business Process > > Methodologies? My initial thoughts are that governance (at least as far > > as active management to some notion of an SLA) is highly related to > > Business Process Management. This is because a Business Process > > described formally (in WS-CDL, BPEL or BPML or some such) provides a > > framework for policy attachments. This way we can make policy > > statements from a high level and iteratively down the software stack > > down to a granular service level. > > > > What sort of language do we need to express policy? Is it a language in > > which we make statements of fact and assert the facts over the > > services? > > Is it a language in which we can make policy assertions over existing > > policies (perhaps specialising policies)? Is it a language that has any > > notion of generalised computation (something that might be needed for > > SLA management)? > > > > We need to be very careful as to what sort of language we need because > > it has an impact on what sort of environment is needed to enact such > > policy statements. > > > > Is WS-Policy enough? Do we need something a little better thought out > > (perhaps something akin to PolicyRuleML? > > > > The language that we end up with needs to reflect what we need to > > describe a wide variety of policies and needs to dove tail into > > supporting a sensible methodology. > > > > I'd be interested in any thoughts on methodology and language design > > for describing policy. > > > > Cheers > > > > Steve T > > > > On 22 Nov 2005, at 00:45, Anne Thomas Manes wrote: > > > > > Spot on! > > > > > > Governance is about process. If you aren't willing to rigorously > > > execute the process, you won't have governance. Governance tools just > > > help you execute the process. They can automate parts of the process, > > > and they can erect hurdles that make it really challenging to avoid > > > the process. And in that way, they are very useful. But if you don't > > > have strong support from above that makes it clear that the process > > > must be executed, kiss the whole thing goodbye. > > > > > > Anne > > > > > > On 11/21/05, Sarode, Prashant <[EMAIL PROTECTED]> wrote:So > > > what I am getting confirmed here is that traditional rules and > > > mechanics of conventional IT Architecture and Governance have not yet > > > changed. The recipe for success is same and so are pitfalls for > > > failure. > > >> > > >> > > >> For success you still need an Enterprise IT Architecture & Governance > > >> body: > > >> ⢠That has a strong management muscle (or at least as strong as > > >> business muscle). > > >> ⢠That has strategic technology vision and appetite can map to > > >> business goals. > > >> ⢠That has strong technology people who equally understand business > > >> and can make use of tools (like those mentioned by Anne) to automate > > >> SOA governance process. Most importantly, people who can win the > > >> faith of Business that SOA can deliver $ benefits to them. > > >> > > >> > > >> > > >> So basics are same â¦So to make a general statementâ"Those organization > > >> which have been mildy successful with IT Architecture-Governance will > > >> somewhat easily adapt to SOA governance model.. > > >> > > >> > > >> > > >> > > >> > > >> Prashant Sarode > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> From: [email protected] > > >> [mailto:[EMAIL PROTECTED] On Behalf Of > > >> Biske, Todd > > >> Sent: Monday, November 21, 2005 11:57 AM > > >> To: [email protected] > > >> Subject: RE: [service-orientated-architecture] Re: SOA Governance work > > >> > > >> > > >> > > >> > > >> Governance is one of my favorite topics. If someone asked me the > > >> thing that will influence the success of an SOA initiative the most, > > >> it would be governance. > > >> > > >> > > >> > > >> As someone trying to build out an SOA in a corporate IT environment, > > >> I agree with Anne's definition 100%. A very easy way to look at it > > >> is to compare it to a traditional government. A government has to > > >> legislate, provide infrastructure, maintain strategic plans, enforce > > >> laws (police force), etc. These are all activities that an IT > > >> organization must do to govern an SOA. In reality, these are all > > >> things that an IT organization should have been doing, regardless of > > >> whether SOA is being done or not. > > >> > > >> > > >> > > >> The same challenges that municipalities face in their strategic > > >> growth are faced by IT organizations. Urban centers grew through a > > >> very centralized approach, but have had to become more and more > > >> decentralized due to suburban sprawl. As rural communities have > > >> grown, they have had to work more and more with their neighboring > > >> communities, possibly sharing common infrastructure and services. > > >> The same is true of IT organizations. The urban center can be thought > > >> of as the mainframe or legacy systems. Due to the web, web services, > > >> etc., portions of the legacy logic needs to be decentralized to meet > > >> the demands of the future. At the same time, silo'd application > > >> development represents the rural communities. These applications > > >> have grown, and the world of business processes is requiring them to > > >> work together seamlessly, rather than through inefficient handoffs > > >> and redundant processing. > > >> > > >> > > >> > > >> When the first tool came out claiming to provide "SOA Governance," I > > >> almost laughed out loud, knowing that there is no tool or technology > > >> that will provide SOA Governance. There are tools and technologies > > >> that can make governance easier, but ultimately, it will come down to > > >> process and communication. If the process and communication isn't > > >> there, the governance won't be either. At the same time, wecan't > > >> governby processalone. The thingsbeing enforced (i.e. the > > >> legislation) must be documented for all to see.Herein lies the real > > >> challege with regards to SOA or, more broadly, applyinggovernance to > > >> IT.SOA is about looking horizontallywhile others are looking > > >> vertically.Howdo you document therulesassociated withmaking > > >> something an enterprise service versus an application-specific > > >> service?Yes,we can have rules aroundWS-I compliance and > > >> namingconventions,but this often comes down to semantics and > > >> astrategic vision (i.e.business serviceblueprint). This isakin > > >> to a business applying for a business license in acity. There will > > >> be guidelines for the application that must be followed, butthere > > >> isstill a judgement that must be doneby a city council as to > > >> whether they want the business in their city. There may be general > > >> guidelines in the city master plan, and the opinions of the council > > >> members are exposed through the political process, but largely, > > >> things will be handled on a case by case basis by a set of people > > >> given the responsibility for making those decisions. If you have the > > >> wrong people in place, you won't be successful. > > >> > > >> > > >> > > >> -tb > > >> > > >> > > >> -----Original Message----- > > >> From: Anne Thomas Manes [mailto:[EMAIL PROTECTED] > > >> Sent: Sunday, November 20, 2005 7:17 AM > > >> To: [email protected] > > >> Subject: Re: [service-orientated-architecture] Re: SOA Governance work > > >>> > > >>> I'd love to see further discussion on this topic. I'd love to hear > > >>> from people what governance practices they are putting into place. > > >>> > > >>> Steve -- you seem to be associating governance with autonomic > > >>> computing, so I feel obliged to reiterate that governance is not > > >>> limited in scope to runtime efforts. Governance applies to all > > >>> stages of service lifecycle -- design, development, testing, QA, > > >>> release engineering, staging, provisioning, operations, client > > >>> provisioning, testing, error tracking, revisions, etc. > > >>> > > >>> Certainly you want to make runtime operations run as smoothly as > > >>> possible and resolve hiccups as autonomically as possible, but I > > >>> would call that SOA management rather than SOA governance. Back to > > >>> Gautham's comment -- WSM products play an enforcement role in > > >>> governance, because they typically enforce a bunch of policies at > > >>> service provisioning time (configuring security for the service, > > >>> etc), and they enforce policies at runtime (authN, authZ, auditing, > > >>> etc). But SOA governance requires a lot more than just policy > > >>> enforcers. Enforcement is the easy part. > > >>> > > >>> Governance is actually more about putting hurdles in place to > > >>> verify compliance than it is about making things go smoothly. > > >>> Governance makes sure that developers don't circumvent the ops > > >>> people so that they can get their app out more quickly. Governance > > >>> is about making sure that apps have been thoroughly tested before > > >>> they get deployed. Governance is about making sure that an app has > > >>> the proper security protections in place. Governance is about making > > >>> sure that the next consumer that gets permission to use a service > > >>> doesn't overwhelm the system and bring down 20 other apps. > > >>> > > >>> Some parts of governance can be automated. Other parts of > > >>> governance can be guided using human workflow. Other parts of > > >>> governance are definitely manual in nature. For example, no one's > > >>> going to generate your corporate SOA policies for you. That takes a > > >>> lot of hard work and collaboration across departments and business > > >>> units. Defining the policies is the hard part. > > >>> > > >>> The governance tools I mentioned from Systinet and WebLayers are > > >>> policy management systems. They help with the policy definition > > >>> process by providing a database to capture and maintain the > > >>> policies, and they help with policy compliance testing. Policies are > > >>> reusable artifacts that have their own lifecycle. They are defined, > > >>> codified, used, and revised. A policy management system provides the > > >>> means to: > > >>> ⢠codify and document a policy (e.g., all services must use > > >>> literal encoding and here's how you test for compliance), > > >>> ⢠group policies (e.g., the WS-I BP policy group comprises a > > >>> couple hundred individual policies), > > >>> ⢠attach policies/policy groups to various service > > >>> groups/services/service artifacts > > >>> ⢠identify when artifacts should be tested for compliance (code > > >>> check-in, build, registration, invocation, etc) > > >>> ⢠test services/service artifacts for compliance > > >>> ⢠report on compliance violations > > >>> ⢠provide an approval process for compliance waivers > > >>> > > >>> Anne > > >>> > > >>> On 11/19/05, Steve Ross-Talbot <[EMAIL PROTECTED]> wrote: > > >>> > > >>> I agree that the workshop was not entitled governance for SOA at all. > > >>> But it was very much in that direction. As you say governance is a > > >>> very > > >>> wide topic. Alas your reports are not available whereas the position > > >>> papers at the workshop are freely available. So at least it is a > > >>> start > > >>> and coupled with your basic thoughts perhaps we can drive forward in > > >>> the right direction. > > >>> > > >>> I'd be interested in any open discussion on the topic as I have > > >>> spend a > > >>> good deal of time talking to people about this in various roles > > >>> (vendors, users and just practitioners) and thus far it remains > > >>> something of a wish list rather than something that really exists in > > >>> product. I do know that the companies you mentioned have made > > >>> strides > > >>> in this area (including Systinet - your old company, and of course > > >>> Enigmatec - my old company) but we are a long way off from achieving > > >>> the sort of governance that is needed to achieve the IBM vision of > > >>> autonomic computing. > > >>> > > >>> So any ideas thoughts would be welcome and doubly so if we can make > > >>> it > > >>> an open discussion. > > >>> > > >>> Cheers > > >>> > > >>> Steve T > > >>> > > >>> On 19 Nov 2005, at 13:52, Anne Thomas Manes wrote: > > >>> > > >>> >Based on my experience working with clients, I disagree that the > > >>> term > > >>> > "governance" is scoped to the subject of the W3C workshop on > > >>> > constraints and capabilities. I've written a lot about governance > > >>> for > > >>> > Burton Group. Unfortunately, I can't share those reports with you > > >>> > because Burton Group reports are available only to subscribers. > > >>> > > > >>> >But I will share with you some basic thoughts: > > >>> > > > >>> > Governance refers to the processes that an enterprise puts in > > >>> place to > > >>> > ensure that things are done right, where "right" means in > > >>> accordance > > >>> > with best practices, architectural principles, government > > >>> regulations, > > >>> > laws, and other determining factors. SOA governance refers to the > > >>> > processes used to govern adoption and implementation of SOA. > > >>> > > > >>> >SOA governance involves three steps: > > >>> > 1 Define SOA policies > > >>> > 2 Deploy an SOA infrastructure that supports adoption > > >>> of these > > >>> > policies > > >>> > 3Institute a set of formal processes and procedures > > >>> that verify > > >>> > compliance with these policies > > >>> > > > >>> > SOA policies relate to issues such as: > > >>> > ⢠· Design principles > > >>> > ⢠· Preferred design patterns > > >>> > ⢠· Application-factoring rules > > >>> > ⢠· Naming conventions > > >>> > ⢠· Metadata requirements > > >>> > ⢠· Documentation > > >>> > ⢠· Preferred products > > >>> > ⢠· Product selection guidelines > > >>> > ⢠· Preferred domain standards > > >>> > ⢠· Preferred industry standards > > >>> > ⢠· Methods for dealing with regulatory requirements > > >>> > ⢠· Methods for assessing security risks > > >>> > ⢠Methods for implementing security based on risk > > >>> factor > > >>> > ⢠· Methods for ensuring reliability and transaction > > >>> > integrity· > > >>> > ⢠Service testing > > >>> > ⢠New service deployment and staging > > >>> > ⢠· Service registration > > >>> > ⢠· Service classification > > >>> > ⢠· Service provisioning > > >>> > ⢠· Service configuration > > >>> > ⢠· Service monitoring > > >>> > ⢠· Client provisioning > > >>> > ⢠· Service modification > > >>> > ⢠· Service versioning > > >>> > ⢠· Impact analysis > > >>> > ⢠· Service level objectives (SLO) > > >>> > ⢠· Service level agreement (SLA) compliance tracking > > >>> > ⢠· Error tracking and resolution > > >>> >This list is long, but it barely scratches the surface. > > >>> > > > >>> >Products that help with SOA governance include registries, > > >>> > repositories, software asset management systems, workflow, testing > > >>> > tools, web services management. > > >>> > > > >>> >No one vendor covers the full SOA governance lifecycle. > > >>> > > > >>> >Leading players in the SOA governance software market include: > > >>> > ⢠Systinet and WebLayers, who provide policy > > >>> management systems > > >>> > (repository-based system for managing the lifecycle of codified > > >>> > policies) as well as policy compliance testing tools and > > >>> integrated > > >>> > workflow for managing approval processes. Mindreef also does some > > >>> > compliance testing, but at a much smaller scope. > > >>> > ⢠Systinet, Infravio, Flashline, and LogicLibrary, > > >>> who provide > > >>> > registries, repositories, and/or software asset management > > >>> systems, > > >>> > which are extremely useful for managing SOA assets and which can > > >>> be > > >>> > used as a gatekeeper for institution of governance approval > > >>> processes > > >>> > at various points in the service lifecycle (dev, testing, staging, > > >>> > provisioning, revisions) > > >>> > ⢠AmberPoint, Actional, Layer 7, and Reactivity, who > > >>> provide support > > >>> > for governance at the service provisioning and runtime stages. > > >>> >Anne > > >>> > > > >>> > On 11/19/05, Gautham Kasinath <[EMAIL PROTECTED] > wrote: > > >>> >> > > >>> >> Thanks for the brief explanation. I am reading the workshop > > >>> materials > > >>> >> from W3C on the topic, following your advice. > > >>> >> > > >>> >> Thanks again. > > >>> >> > > >>> >> Cheers > > >>> >> Gautham Kasinath > > >>> >> --- In [email protected], Steve > > >>> >> Ross-Talbot <[EMAIL PROTECTED] ...> wrote: > > >>> >> > > > >>> >> > Gautham, > > >>> >> > > > >>> >> > Normally the term governance as applied to SOA is based on the > > >>> >> notion > > >>> >> > of static governance. > > >>> >> > This is the sort of thing that WS-Policy (which is not a > > >>> standard) > > >>> >> is > > >>> >> > all about. A recent workshop > > >>> >> > run by W3C looked at wider notions of governance including the > > >>> more > > >>> >> > interesting form which is > > >>> >> > dynamic governance. > > >>> >> > > > >>> >> > It probably makes sense to take a peek at the W3C workshop > > >>> papers to > > >>> >> > get a better understanding > > >>> >> > of what governance is all about. > > >>> >> > > > >>> >> > Cheers > > >>> >> > > > >>> >>> Steve T > > >>> >> > > > >>> >> > W3C Workshop on Constraints and Capabilities for Web Services > > >>> >> > http://www.w3.org/2004/09/ws-cc-program.html#papers > > >>> >> > > > >>> >> > > > >>> >> > > > >>> >> > On 19 Nov 2005, at 00:33, Gautham Kasinath wrote: > > >>> >> > > > >>> >> > > Hello, > > >>> >> > > > > >>> >> > >What exactly is SOA governance? Is it goverining an SOA > > >>> >> framework, > > >>> >> > >like in monitoring request-response, SLA etc? > > >>> >> > > > > >>> >> > >Cheers > > >>> >> > >Gautham Kasinath > > >>> >> > > > > >>> >> > >--- In [email protected], John > > >>> >> Crupi > > >>> >> > ><[EMAIL PROTECTED]> wrote: > > >>> >> > >> > > >>> >> > >> Would you like to start with the use-cases/scenarios first > > >>> to > > >>> >> helpà > > >>> >> > >> narrow the problem? > > >>> >> > >> > > >>> >> > >> jc > > >>> >> > >> ----------------------------------------- > > >>> >> > >> John Crupi > > >>> >> > >> CTO, Enterprise Web Services Practice > > >>> >> > >> Sun Distinguished Engineer > > >>> >> > >> AIM: JohnCrupi > > >>> >> > >> Blog: blogs.sun.com/crupi <http://blogs.sun.com/crupi> > > >>> >> > >> Cell: 301.526.7890 > > >>> >> > >> > > >>> >> > >> > > >>> >> > >> On Nov 18, 2005, at 12:22 AM, Tilak Mitra wrote: > > >>> >> > >> > > >>> >> > >> > I am looking for some real world implementation of SOA > > >>> >> > >> > Governance, starting right from a project inception > > >>> >> > >> > i.e. Strategy and Visioning , through Design, > > >>> >> > >> > Implementation and right through operational and > > >>> >> > >> > runtime. > > >>> >> > >> > Any white paper / research work or material in any > > >>> >> > >> > other form would be helpful. > > >>> >> > >> > Thanks > > >>> >> > >> > Regards > > >>> >> > >> > Tilak > > >>> >> > >> > > > >>> >> > >> > > > >>> >> > >> > > > >>> >> > >> > __________________________________ > > >>> >> > >> > Yahoo! FareChase: Search multiple travel sites in one > > >>> click. > > >>> >> > >> > http://farechase.yahoo.com > > >>> >> > >> > > > >>> >> > >> > > > >>> >> > >> > > > >>> >> > >> > YAHOO! GROUPS LINKS > > >>> >> > >> > > > >>> >> > >> >ÃVisit your group "service-orientated-architecture" on the > > >>> >> web. > > >>> >> > >> > > > >>> >> > >> >ÃTo unsubscribe from this group, send an email to: > > >>> >> > >> > > >>> >[EMAIL PROTECTED] > > >>> >> > >> > > > >>> >> > >> >ÃYour use of Yahoo! Groups is subject to the Yahoo! Terms > > >>> of > > >>> >> > > Service. > > >>> >> > >> > > > >>> >> > >> > > > >>> >> > >> > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > SPONSORED LINKS > > >>> >> > > Service-oriented architecture > > >>> >> > > Computer monitoring software > > >>> >> > > Computer and internet software > > >>> >> > > Free computer monitoring software > > >>> >> > > > > >>> >> > > YAHOO! GROUPS LINKS > > >>> >> > > > > >>> >> > > ââ"ª à Visit your group "service-orientated-architecture" > > >>> >> on the web. > > >>> >> > > à > > >>> >> > > ââ"ª à To unsubscribe from this group, send an email to: > > >>> >> > > à [EMAIL PROTECTED] > > >>> >> > > à > > >>> >> > > ââ"ª à Your use of Yahoo! Groups is subject to the Yahoo! > > >>> >> Terms of > > >>> >> > > Service. > > >>> >> > > > > >>> >> > > > > >>> >> > > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> ------------------------ Yahoo! Groups Sponsor > > >>> >> --------------------~--> > > >>> >> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your > > >>> home > > >>> >> page > > >>> >> http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/NhFolB/TM > > >>> >> > > >>> -------------------------------------------------------------------- > > >>> >> ~-> > > >>> >> > > >>> >> > > >>> >>Yahoo! Groups Links > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> > > > >>> > > > >>> > > > >>> > SPONSORED LINKS > > >>> > Service-oriented architecture > > >>> > Computer monitoring software > > >>> > Computer and internet software > > >>> > Free computer monitoring software > > >>> > > > >>> > YAHOO! GROUPS LINKS > > >>> > > > >>> > ⪠Visit your group "service-orientated-architecture" > > >>> on the web. > > >>> > > > >>> > ⪠To unsubscribe from this group, send an email to: > > >>> > [EMAIL PROTECTED] > > >>> > > > >>> > ⪠Your use of Yahoo! Groups is subject to the Yahoo! > > >>> Terms of > > >>> > Service. > > >>> > > > >>> > > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> ------------------------ Yahoo! Groups Sponsor > > >>> --------------------~--> > > >>> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your > > >>> home page > > >>> http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/NhFolB/TM > > >>> > > >>> -------------------------------------------------------------------- > > >>> ~-> > > >>> > > >>> > > >>> Yahoo! Groups Links > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> --------------------------------------------------------------------- > > >>> ---------------- > > >>> A.G. Edwards & Sons' outgoing and incoming e-mails are > > >>> electronically > > >>> archived and subject to review and/or disclosure to someone other > > >>> than the recipient. > > >>> > > >>> > > >>> --------------------------------------------------------------------- > > >>> ---------------- > > >>> > > >>> > > >>> > > >>> > > >>> ********************************************************************* > > >>> ***** > > >>> This message and any attached documents contain information > > >>> which may be confidential, subject to privilege or exempt from > > >>> disclosure under applicable law. These materials are solely for > > >>> the use of the intended recipient. If you are not the intended > > >>> recipient of this transmission, you are hereby notified that any > > >>> distribution, disclosure, printing, copying, storage, modification > > >>> or the taking of any action in reliance upon this transmission is > > >>> strictly prohibited. Delivery of this message to any person other > > >>> than the intended recipient shall not compromise or waive > > >>> such confidentiality, privilege or exemption from disclosure as > > >>> to this communication. > > >>> > > >>> If you have received this communication in error, please notify > > >>> the sender immediately and delete this message from your system. > > >>> > > >>> ********************************************************************* > > >>> ******** > > >>> > > >>> YAHOO! GROUPS LINKS > > >>> > > >>> ⪠Visit your group "service-orientated-architecture " on the web. > > >>> > > >>> > > >>> ⪠To unsubscribe from this group, send an email to: > > >>> [EMAIL PROTECTED] > > >>> > > >>> > > >>> ⪠Your use of Yahoo! Groups is subject to the Yahoo! Terms of > > >>> Service. > > >>> > > >>> > > > > > > > > > YAHOO! GROUPS LINKS > > > > > > ⪠Visit your group "service-orientated-architecture" on the web. > > > > > > ⪠To unsubscribe from this group, send an email to: > > > [EMAIL PROTECTED] > > > > > > ⪠Your use of Yahoo! Groups is subject to the Yahoo! Terms of > > > Service. > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your home page http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/NhFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
